ccchb
/
ansible
mirror of https://dev.ccchb.de/ccchb/ansible.git
3
0
Fork 0
Code Issues Releases Wiki Activity

Make HAProxy use its new chroot jail in /var/run/haproxy. 

Fixes #19
This commit is contained in:
genofire 2020-10-26 23:31:57 +01:00
parent 97daf854d0
commit 28fbdff74b
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
roles/haproxy/tasks/main.yml
View File

@ -31,6 +31,14 @@
opts: rw,size=128m,mode=750,uid=20000,gid=20000,late opts: rw,size=128m,mode=750,uid=20000,gid=20000,late
state: mounted state: mounted
- name: Create /var/run/haproxy
file:
path: /var/run/haproxy
state: directory
owner: root
group: wheel
mode: 0755
- name: Create HAProxy service directories - name: Create HAProxy service directories
file: file:
path: '/etc/s6-rc/service/{{ item }}' path: '/etc/s6-rc/service/{{ item }}'

2
roles/haproxy/templates/global.cfg.j2
View File

@ -1,6 +1,6 @@
# {{ ansible_managed }} # {{ ansible_managed }}
global global
chroot /var/empty chroot /var/run/haproxy
log stdout format raw local0 info log stdout format raw local0 info
user haproxy user haproxy
group haproxy group haproxy